[netflow-tools] Input for softflowd from pcap file.
Damien Miller
djm at mindrot.org
Mon Jul 23 16:30:20 EST 2007
On Mon, 9 Jul 2007, subramanian ramasamy wrote:
> Hi,
>
> Iam new to NetFlow and softflowd.
>
> I ran softflowd with input from a pcap file which has a 20 min complete ssh
> conversation between two machines. I ran tcpdump on the collector machine
> and saved the NetFlow V9 traffic from softflowd. I saved the exported info
> as dmp file and later examined using wireshark. I only see Template Flowset
> and no Data Flowset.
>
> Am i doing anything wrong ?
I have no idea - this is a pretty convoluted way to look at flows.
Softflowd is definitely seeing the flow, and appears to be exporting it.
Could you set up some NetFlow (e.g. flowd) and try to capture it?
-d
More information about the netflow-tools
mailing list